(57) Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of
operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric
key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The
short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access
memory (1504), and transmitting each operation through a DES engine according to the operations parameter.
IMPROVING DES HARDWARE THROUGHPUT FOR SHORT OPERATIONS

This is a non-provisional application claiming the benefit of provisional application
serial No. 60/201,002, filed May 1, 2000.

Technical Field

The present invention relates to cryptographic support, and more particularly to
cryptographic support for short operations.

Background Art

Data Encryption Standard (DES) is a widely-used method of data encryption using
private keys. There are 72 quadrillion or more possible encryption keys under the DES that
can be used for protecting packets between parties over electronic networks. For each packet
or message, a key is chosen at random. Like other symmetric key cryptographic methods,
both the sender and receiver need to know and use the same private key.

DES applies a 56-bit key to each 64-bit block of data. The process can run in several
modes and includes 16 rounds of operations. Although this is considered strong encryption,
many companies use triple-DES (TDES), which applies three keys in succession to each
packet.

DES originated at IBM in 1977 and was adopted by the U.S. Department of Defense.
It is specified in the ANSI X3.92 and X3.106 standards and in the Federal Information
Processing Standards (FIPS) 46 and 81 standards.

Typically, cryptographic methods focus on large packets (greater than about 80
bytes). However, when a DES system is used for smaller packets, the performance may drop
by an order of magnitude.

Therefore a need exists for a system and method of cryptographic support for DES
operations which has high throughput for long (>80 bytes) and shorter packets.

Disclosure of the Invention

According to an embodiment of the present invention, a symmetric key cryptographic
method is provided for short operations. The method includes batching a plurality of
operation parameters, and performing an operation according to a corresponding operation
parameter. The symmetric key cryptographic method is a Data Encryption Standard (DES)
method. The short operations can be less than about 80 bytes. The short operations can be
between 8 and 80 bytes.

The method includes batching the plurality of operation parameters and a plurality of
DES operation into a single request, calling DES for each operation in the request, and
performing DES for each operation separately according to the corresponding operation
parameter.

The method further includes batching the plurality of operation parameters and a
plurality of DES operations into a single request, calling DES for the batched operations, and
performing DES for each operation separately according to the corresponding operation
parameter. Each request is performed with a chip reset, a key and an initialization vector.
Calling the DES for the batched operations further comprises switching a context for the
batched operations. The context switch is between an application layer and a system software
layer.

The method includes reading the batched parameters from a dynamic random access
memory, and transmitting each operation through a DES engine according to the operations
parameter.

According to an embodiment of the present invention, a method is provided for
improved DES short operation throughput. The method includes batching a plurality of
operation parameters, each operation parameter corresponding to an operation, reading the
batched operation parameters into a dynamic random access memory, and transmitting each
operation through a DES engine according to the operations parameter. The DES is
external-to-external and an output for each operation is transmitted separately. The short
operation can be less than about 80 bytes. The short operation can be between 8 and 80
bytes.

According to an embodiment of the present invention, a symmetric key cryptographic
method is provided for operations between about 8 and about 80 bytes in length. The method
includes providing a key index to an engine, and pumping the operations through the engine
in bulk wherein a central processing unit does not handle the bytes. The engine is a DES
engine.

The method includes resetting an engine chip for an operation, reading an
initialization vector, and loading the initialization vector into the engine chip. The method
further includes determining a key from the key index, loading the key into the engine chip,
and reading a data length for the operation.

The method includes transmitting the data length through an Input channel into the
engine chip, and transmitting the data length through an Output channel. The channels are
FIFOs.

Brief Description of Drawings

Preferred embodiments of the present invention …
detail, with reference to the accompanying drawings:

Fig. 1 is a diagram of the DES architecture according to an embodiment of the present
invention;

Fig. 2 is another diagram of the DES architecture according to an embodiment of the
present invention;

Fig. 3 is still another diagram of the DES architecture according to an embodiment of
the present invention;

Fig. 4 is yet another diagram of the DES architecture according to an embodiment of
the present invention;

Fig. 5 is a diagram of the FIFO structure supporting DES/TDES with a coprocessor
according to an embodiment of the present invention;

Fig. 6 is another diagram of the FIFO structure supporting DES/TDES with a
coprocessor according to an embodiment of the present invention;

Fig. 7 is still another diagram of the FIFO structure supporting DES/TDES with a
coprocessor according to an embodiment of the present invention;

Fig. 8 is yet another diagram of the FIFO structure supporting DES/TDES with a
coprocessor according to an embodiment of the present invention;

Fig. 9 is a further diagram of the FIFO structure supporting DES/TDES with a
coprocessor according to an embodiment of the present invention;

Fig. 10 is a diagram of the FIFO structure supporting DES/TDES with a coprocessor
according to an embodiment of the present invention;

Fig. 11 is a flow diagram of an application handling two operations as separate
sccRequests according to the prior art;

Fig. 12 is a flow diagram illustrating a batched host-card interaction according to an
embodiment of the present invention;

Fig. 13 is a flow diagram of multiple operations batched into a single call according
to an embodiment of the present invention;

Fig. 14 is a flow diagram of a method which reduces data transfers for each operation
according to an embodiment of the present invention;

Fig. 15 is a flow diagram of a method which batches parameters for all operations
into a block according to an embodiment of the present invention; and

Fig. 16 is a graph illustrating DES speeds for various embodiments of the present
invention.

Best Mode for Carrying Out the Invention

The present invention provides a system and method for cryptographic support which
has high throughput for long and short DES operations. According to an embodiment of the
present invention, the system includes a multi-chip embedded module, packaged in a
Peripheral Component Interconnect (PCI) card. In addition to cryptographic hardware and
circuitry for tamper detection and response, a general-purpose computing environment is
provided including a central processing unit, and executing software stored in ROM and/or
Flash memory.

Referring to Fig. 1, the multiple-layer software architecture of the client 101 and the
host 105 is shown. The client-side includes foundational security control in Layers 0 and 1
102, a supervisor-level software system in Layer 2 103, and a user-level software application
in Layer 3 104. Layer 2 103 supports application development. Within Layer 2 103, a kernel
provides the operating system abstractions of multiple processes and address spaces; these
abstractions support independent managers, which handle cryptographic hardware and other
input/output (I/O) on the bottom, and provide higher-level application program interfaces
(APIs) to the Layer 3 application 104. An API is the specific method prescribed by a
computer or by another program by which a programmer writing an application program can
make requests of the operating system or another application. Typically, the Layer 3
application 104 in turn provides an abstraction of its own API to a host-side application 107.

The host-side 105 includes a device driver 106 and a host application 107. According
to Fig. 2, for the Layer 3 application 104 to use a service provided by the card-side
application, the host-side application 107 issues a call to the host-side device driver 106. The
device driver 105 opens an sccRequest 108 to the Layer 2 system 103 on the device.
Layer 2 103 informs the Layer 3 application 104 resident on the device of the existence of
the request, and the parameters the host sent along with the request.

According to Figs. 3 and 4, the Layer 3 application 104 handles the host application's
request for service, for example, it can direct Layer 2 103 to transfer data 109 to the device
driver 106 and perform the needed cryptographic operations. The Layer 3 application 104
closes out the sccRequest 110 and sends the output back 111 to the host application 107.

According to an embodiment of the present invention, a device for fast cryptography
is provided. The device includes a coprocessor having a central processing unit (CPU), at
least two levels of internal software and at least three data paths. The software levels can
include an operating system or kernel level and an application level. The data paths can
include an external to internal memory and/or CPU path, an internal memory and/or CPU to
a symmetric engine path, and a channel between the external system and the symmetric
engine. The channel can be a first-in first-out (FIFO). According to an embodiment of the
present invention, the device includes a FIFO state machine. The FIFO state machine
structure transports or drives data into and out of the method engine.

It should be noted that while the present invention is presented in terms of a
symmetric cryptographic function (e.g., DES), the invention contemplates any parameterized
function on variable length data. Thus, DES is provided as an example of an embodiment of
the present invention and given the teachings of the present invention provided herein, one of
ordinary skill in the related art will be able to contemplate these and similar implementations
or configurations of the present invention.

Referring to Fig. 5, the FIFO structure works with the DES/TDES engine 500. The
present invention is described according to an IBM 4758 coprocessor, specifically Models
002/023 PCI cryptographic coprocessors, however, given the teachings of the present
invention provided herein, one of ordinary skill in the related art will be able to contemplate
these and similar implementations or configurations.

In Model 2 hardware, the FIFO structure also supports fast Secure Hash Algorithm
(SHA-1); though the structure may be applied to any method engine.

For both input and output, two pairs of FIFOs 501-504, a PCI FIFO pair 501-502 and
an internal FIFO pair 503-504 are provided for external and internal transfer, respectively, as
well as a Direct Memory Access (DMA) controller 505-506 for CPU-free transfer into and
out of internal dynamic random access memory (DRAM) 507.

The internal CPU 508 selects which data paths to activate, and what key, initialization
vector (IV), and other operational parameters the DES engine 500 may use, via control
registers (not shown). The IV is generated by a random number generator, typically included
in the Layer 2 system, and combined with the unencrypted text and the key. The key is a
variable value applied to a block of unencrypted text to produce encrypted text.

Configurations of the DES engine 500 include bulk external-to-external DES (shown
in Fig. 8), bulk internal-to-internal DES (output DMA 506 to internal in…
500, then back through the Internal Output FIFO 504 and PCI Output FIFO 502), and DMA
transfer (e.g., PCI input FIFO 501 to internal input FIFO 503 to input DMA 505 and from the
Output DMA Controller 506 to the Internal Output FIFO 504 and to the PCI Output FIFO
502). Further, the DES hardware can be configured in a bypass mode in which the
commercial Layer 2 system does not use the hardware.

One constraint on the system is that either both internal FIFO-DES paths need be
selected (bulk mode), or neither is to be selected. Another constraint is that the FIFO
configurations cannot be altered until data transfer is paused, and the state machine driving
the FIFOs will transfer data asynchronously until resources are exhausted.

The internal CPU 508 can configure the FIFO hardware to support card applications
in various ways. For example, Fig. 6 depicts a configuration in which the FIFOs bring data
into the card via the DMA, such as when the host application opens up a sccRequest to
the card application. Data passes from the PCI Input FIFO 501 to the Internal Input FIFO 503
via 601, to the Input DMA Controller 505 via 602, to the DRAM 507 via 603 and 604.

Referring to Fig. 7 depicting a DES request, the card may transfer the operational
parameters from the DRAM 507 into the DES chip 500. The internal CPU 508 loads
operational parameters into the DES chip 500 from the DRAM 507 via lines 701-703.

According to Fig. 8, if the DES request is for external-to-external DES, the card may
configure the FIFOs to bring the data in from the host, through the DES chip 500 and back to
the host. The CPU 508 can configure the FIFOs 501-504 to stream data …
through the DES chip and back to the host via lines 801-804.

Additionally, if the DES request is for internal-to-internal DES and is determined to
be too short for DMA, the card may manually push the data bytes through. The CPU 508 can
drive data from the DRAM 507 through the DES/TDES engine via programmed I/O
lines 901-904.

As depicted in Fig. 10, when the sccRequest is complete, the card may send the
results back to the host via DMA. The internal CPU 508 can configure the FIFOs to send
data from the DRAM 507 back to the host via the DMA and lines 1001-1004.

The present invention proposes methods for increasing the throughput of short DES
operations. The methods used for evaluating the present invention included DES operations
including cipher block chaining (CBC) encrypt and CBC-decrypt, with data sizes distributed
uniformly at random between 8 and 80 bytes. Chaining is a method which …
decryption of a block of cipher text on all preceding blocks. The IVs and keys changed with
each operation; the keys are triple-DES (TDES) encrypted with a master key stored inside
the device. Encrypted keys, IVs and other operational parameters are sent in with each
operation, but are not counted as part of the data throughput. Although the keys may change
with each operation, the total number of keys is small, relative to the number of requests.

Referring to Fig. 16, the speeds obtained for DES operations are shown for various
embodiments of the present invention. Using Model 1 hardware a speed indicated by 1601
was achieved.

A baseline implementation was established using a Model 2 prototype for the
following embodiments. According to Fig. 11, the host application handles each operation
1101-1102 as a separate sccRequest 1103-1104 with Programmed Input/Output (PIO)
DES. The implementation includes the host application which generates sequences of
short-DES requests (cipher key, IV, data) and the card-side application. The card-side
application catches each request, unpacks the key, sends the data, key, and IV to the DES
engine, and sends the results back to the host. Keys were randomly chosen over a s…
cipher keys. Caching keys inside the card reduced the e…
increased the speed 1602.

According to an embodiment of the present invention, the short-DES performance
can be enhanced by reducing the host-card interaction. Referring to Fig. 12, this includes
batching a large sequence of short-DES requests into one sccRequest 1201. The card-side
application was modified accordingly to receive the sequence in one step, process each
operation 1202-1205, and send the concatenated output back to the host in one step 1206.
The Layer 3 application calls DES for each operation 1202 and 1204. Layer 2 performs the
DES for each operation separately 1203 and 1205. Speeds obtained for the benchmark data
above were between about 18 to 23 kilobytes/second and 19 to 40 kilobytes/second with
key caching 1603.

According to an embodiment of the present invention, by eliminating the DES chip
reset for each operation the short-DES performance may be increased 1604. By generating a
sequence of short-DES operation requests that use one key, one direction (decrypt or
encrypt), and IVs of zero (although the IVs may be arbitrary), a speed of about 360
kilobytes/second can be achieved. The card-side application receives the operation sequence
and sends the operation sequence to the Layer 2 system. In Layer 2, a modified DES
Manager (the component controlling the DES hardware) sets up the chip with the key and an
IV of zero, and transmits the data through the chip. The …
Manager performs an exclusive-or (XOR) to break the chaining …
the software manually XORs the last block of cipher text from the previous operation with
the first block of plain text for the operation, in order to cancel out the XOR that the chip
would do.
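The chaining-cancellation step described above can be modelled in software. The following is an added example, not code from the application: it covers the encrypt direction only, extends the zero-IV case to arbitrary per-operation IVs, and assumes a stand-in 64-bit Feistel permutation in place of the DES chip; all function and class names are hypothetical.

```python
import hashlib

BLOCK = 8  # DES block size in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit Feistel permutation (NOT DES); only the CBC plumbing matters."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right


class CbcEngine:
    """Models the chip: reset() loads key and IV, then the chaining register persists."""

    def __init__(self):
        self.key = None
        self.chain = bytes(BLOCK)
        self.resets = 0

    def reset(self, key: bytes, iv: bytes = bytes(BLOCK)) -> None:
        self.key, self.chain = key, iv
        self.resets += 1

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for i in range(0, len(data), BLOCK):
            self.chain = toy_encrypt_block(self.key, xor(data[i:i + BLOCK], self.chain))
            out += self.chain
        return bytes(out)


def per_op_reset(key, ops):
    """Baseline: one chip reset (key and IV load) per operation."""
    eng, results = CbcEngine(), []
    for iv, data in ops:
        eng.reset(key, iv)
        results.append(eng.encrypt(data))
    return results, eng.resets


def batched_single_reset(key, ops, compensate=True):
    """One reset with a zero IV; software pre-XORs the first block of each operation."""
    eng, results = CbcEngine(), []
    eng.reset(key)
    prev_last = bytes(BLOCK)  # chaining register content left by the previous operation
    for iv, data in ops:
        first = data[:BLOCK]
        if compensate:
            # The chip will XOR `first` with prev_last; XORing prev_last in beforehand
            # cancels that, and XORing iv in gives the operation its own IV.
            first = xor(xor(first, prev_last), iv)
        ct = eng.encrypt(first + data[BLOCK:])
        results.append(ct)
        prev_last = ct[-BLOCK:]
    return results, eng.resets


if __name__ == "__main__":
    # Constructed sample operations: (IV, plaintext), lengths within 8..80 bytes.
    sample = [(bytes(8), b"A" * 8), (bytes(range(8)), b"B" * 24), (b"\xff" * 8, b"C" * 80)]
    base, n_base = per_op_reset(b"constructed-key", sample)
    fast, n_fast = batched_single_reset(b"constructed-key", sample)
    print("identical ciphertext:", base == fast, "| resets:", n_base, "vs", n_fast)
```

With `compensate=False` every operation after the first is chained to its predecessor's ciphertext, which is the failure the manual XOR exists to prevent.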

According to the batching method, besides reducing the number of chip resets, the
number of context switches between the Layer 3 and Layer 2 is reduced from O(n) to O(1),
where n is the number of operations in the batch. Referring to Fig. 13, according to another
embodiment of the present invention, by using the multi-key, non-zero-IV setup (results
shown as 1603), the card-side application 1302 was altered to send batched requests 1301 to
a modified DES Manager (Layer 2) 1303-1304, thus reducing the number of context
switches. The card-side application 1302 calls DES for the batched operations. The modified
DES Manager 1303-1304 processes each request with a chip reset and a new key and IV. The
requests are sent to the host 1305. The results obtained using the modified DES Manager
1303-1304 are shown as 1604 in Fig. 16.

According to yet another embodiment of the present invention, the FIFO state
machine pumps data bytes through DES in a bulk mode. Thus, the CPU does not handle the
data bytes. According to the prior methods, each byte of the cipher key, IV, and …
handled many times. The bytes came in via FIFOs and DMA into the DRAM with an initial
sccRequest buffer transfer. The CPU takes the bytes out of DRAM and puts them into the
DES chip. The CPU takes the data out of the DES chip and puts it back into DRAM. The
CPU sends the data back to the host through the FIFOs. Accordingly, by reducing the number
of data transfers the throughput can be increased 1605. Key unpacking is eliminated as a
built-in part of the API. Each application may have a unique method of unpacking, making
the API unpacking redundant. Within each application an initialization step concludes with a
plain text key table resident in the device DRAM. The operation lengths were standardized to
40 bytes. In addition, the host application was modified to generate sequences of requests
that include an index into the internal key table, instead of a cipher key. Thus, the card-side
application 1401 calls the modified DES Manager 1402 and 1407 and makes the key table
1403 and 1408 available to it, rather than immediately bringing the request sequence from
the PCI Input FIFO into DRAM. For each operation the modified DES Manager 1402 and
1407 resets the DES chip; reads the IV and loads it into the chip; reads and sanity checks the
key table, looks up the key, and loads it into the chip; and reads the data length for the
operation. The modified DES Manager sets up the state machine to transmit that number of
bytes through the Input FIFOs into the DES chip then back out the Output FIFOs 1404-1406
and 1409-1411. The card-side application closes out the request 1412. The results are shown
as 1605 in Fig. 16.

According to an embodiment of the present invention, the number of Industry
Standard Architecture (ISA) I/O instructions was increased (doubled) which reduced the
throughput by half, showing a correlation between the ISA I/O instructions and the
throughput speed. The modified DES Manager described above (with respect to 1605 and
Fig. 14) was then modified to use memory-mapping I/O ports instead of ISA I/O when
available (the hardware used did not provide memory mapped I/O ports for all instances).
The software was also modified to eliminate any spurious FIFO reads caused by certain state
machine polling intermittently. The results are shown as 1606 in Fig. 16.

Referring to Fig. 15, by batching the parameters together, the parameters can be read
via memory-mapped operations, allowing modification of the FIFO configuration and the
processing of the data. Layer 3 calls DES for the batched operations 1501. The host
application batches the per-operation parameters into one group 1503, attached to the input
data. The modified DES Manager sets up the Internal FIFOs and the state machine …
batched parameters, by-passing the DES chip 1502; reads the batched parameters via
memory-mapped I/O from the Internal Output …
reconfigures the FIFOs; and, using the buffered parameters, sets up the state machine and the
DES chip to transmit each operation's data 1506 and 1510 from the input FIFOs, through the
DES, then back out the Output FIFOs 1505, 1507 and 1509 and 1511. Layer 3 closes out the
request 1512. The results are shown in 1607 in Fig. 16. The accuracy of the method may be
increased by accessing the IV and data length registers through the ISA method 1608.

According to the present invention, the short-DES speed can be determined according
to the following relationship:

$$\frac{C_1 \cdot \mathit{Batches} + C_2 \cdot \mathit{Batches} \cdot \mathit{Ops} + C_3 \cdot \mathit{Batches} \cdot \mathit{Ops} \cdot \mathit{DataLen}}{\mathit{Batches} \cdot \mathit{Ops} \cdot \mathit{DataLen}}$$

where Batches is the number of host-card batches, Ops is the number of operations per batch,
DataLen is the average data length per operation, and $C_1$, $C_2$ and $C_3$ are unknown constants
representing the per-batch, per-operation and per-byte overheads, respectively.
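
Carried one step further with the same symbols (an added simplification, not part of the original text), dividing each numerator term by the denominator gives

$$\frac{C_1}{\mathit{Ops} \cdot \mathit{DataLen}} + \frac{C_2}{\mathit{DataLen}} + C_3$$

Batches cancels completely, the per-batch term shrinks as Ops grows, and for a fixed short DataLen the per-operation term $C_2 / \mathit{DataLen}$ remains on top of the per-byte constant $C_3$.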

The present invention contemplates eliminating the per-batch overhead …
modifying the host device driver-Layer 2 interaction to enable indefinite sccRequest, with
added polling or signaling to indicate when additional data is ready for transfer. The
per-operation overhead $C_2$ may be reduced by minimizing the number of per-operation
parameter transfers. For example, the host application may, within a batch of operations,
interleave parameter blocks that assert arguments such as, the next N operations all use a
particular key. This method eliminates bringing in and reading …
operation. Another example includes the host application processing the IVs before or
after transmitting the data to the card. This is not a security issue if the host application is
trusted to provide the IVs. The method eliminates bringing in the IVs and, because the DES
chip has a default IV of zeros after reset, eliminates loading the IVs.

According to another embodiment of the present invention, per-operation overhead
may be reduced by redesigning the FIFOs and the state machine. By modifying the DES
engine to expect data-input to include parameters interleaved with data, then the
per-operation overhead $C_2$ may approach the per-byte overhead $C_3$. The state machine
handles fewer output bytes than input bytes and the CPU controls the class of engine
operations over which the parameters, for example, chosen externally, are allowed to range.
For example, the external entity may be allowed to choose only certain types of encryption
operations. Further, the CPU may insert indirection on the parameters the external entity
chooses and the parameters the engine sees, e.g., the external entity provides an index into an
internal table.
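
The key-index requests of Fig. 14 and the parameter restrictions described in the preceding paragraph can be sketched as a card-side validation pass over a batched parameter block. This is an added example, not code from the application; the wire layout (a 2-byte operation count, then per-operation records of key index, direction, IV and data length, then the concatenated data), the direction codes and every name below are assumptions made for illustration.

```python
import struct

BLOCK = 8                      # DES block size in bytes
MIN_LEN, MAX_LEN = 8, 80       # short-operation range given in the text
ENCRYPT, DECRYPT = 0, 1        # assumed direction codes
HEADER = struct.Struct(">H")       # assumed layout: operation count
PARAMS = struct.Struct(">BB8sH")   # assumed layout: key index, direction, IV, data length


class BatchError(ValueError):
    """Raised when a host-supplied batch fails a sanity check."""


def build_batch(ops):
    """Host side: ops is a list of (key_index, direction, iv, data) tuples."""
    params = b"".join(PARAMS.pack(k, d, iv, len(data)) for k, d, iv, data in ops)
    return HEADER.pack(len(ops)) + params + b"".join(op[3] for op in ops)


def parse_batch(buf, key_table, allowed_directions=(ENCRYPT, DECRYPT), max_ops=1000):
    """Card side: check every externally chosen parameter before the engine is set up."""
    if len(buf) < HEADER.size:
        raise BatchError("truncated header")
    (count,) = HEADER.unpack_from(buf, 0)
    if not 0 < count <= max_ops:
        raise BatchError(f"operation count {count} out of range")
    offset = HEADER.size + count * PARAMS.size   # data starts after the parameter block
    if len(buf) < offset:
        raise BatchError("truncated parameter block")
    ops = []
    for i in range(count):
        key_index, direction, iv, data_len = PARAMS.unpack_from(
            buf, HEADER.size + i * PARAMS.size)
        # The host names a key only by index; key bytes never cross the interface.
        if key_index >= len(key_table):
            raise BatchError(f"op {i}: key index {key_index} outside key table")
        # The card decides which class of operations the host may select.
        if direction not in allowed_directions:
            raise BatchError(f"op {i}: direction {direction} not permitted")
        if not (MIN_LEN <= data_len <= MAX_LEN) or data_len % BLOCK:
            raise BatchError(f"op {i}: bad data length {data_len}")
        if offset + data_len > len(buf):
            raise BatchError(f"op {i}: data shorter than declared length")
        ops.append({"key": key_table[key_index], "direction": direction,
                    "iv": iv, "data": buf[offset:offset + data_len]})
        offset += data_len
    if offset != len(buf):
        raise BatchError("trailing bytes after last operation")
    return ops


if __name__ == "__main__":
    table = [b"K0K0K0K0", b"K1K1K1K1"]   # constructed plain text key table
    batch = build_batch([(1, ENCRYPT, bytes(8), b"A" * 8),
                         (0, DECRYPT, b"\x01" * 8, b"B" * 40)])
    print([(op["key"], len(op["data"])) for op in parse_batch(batch, table)])
    try:
        parse_batch(build_batch([(2, ENCRYPT, bytes(8), b"A" * 8)]), table)
    except BatchError as exc:
        print("rejected:", exc)
```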

Having described embodiments of a system and method of cryptography, it is noted
that modifications and variations can be made by persons skilled in the art in light of the
above teachings. It is therefore to be understood that changes may be made in the particular
embodiments of the invention disclosed which are within the scope and spirit of the invention
as defined by the appended claims. Having thus described the invention with the details and
particularity required by the patent laws, what is claimed and desired protected by Letters
Patent is set forth in the appended claims.



What is claimed is:

1. A symmetric key cryptographic method for short operations comprising the steps of:
batching a plurality of operation parameters; and
performing an operation according to a corresponding operation parameter.

2. The method of claim 1, wherein the symmetric key cryptographic method is a Data
Encryption Standard (DES) method.

3. The method of claim 1, wherein the short operations are less than about 80 bytes.

4. The method of claim 1, wherein the short operations are between 8 and 80 bytes.

5. The method of claim 1, further comprising the steps of:
batching the plurality of operation parameters and a plurality of DES operation into a
single request;
calling DES for each operation in the request; and
performing DES for each operation separately according to the corresponding
operation parameter.



6. The method of claim 1, further comprising the steps of:
batching the plurality of operation parameters and a plurality of DES operations into a
single request;
calling DES for the batched operations; and
performing DES for each operation separately according to the corresponding
operation parameter.

7. The method of claim 6, wherein each request is performed with a chip reset and a key
and an initialization vector.

8. The method of claim 6, wherein the step of calling the DES for the batched operations
further comprises switching a context for the batched operations.

9. The method of claim 8, wherein the context switch is between an application layer
and a system software layer.

10. The method of claim 1, further comprising the steps of:
reading the batched parameters from a dynamic random access memory; and
transmitting each operation through a DES engine according to the operations
parameter.

11. A method for improved DES short operation throughput comprising the steps of:
batching a plurality of operation parameters, each operation parameter corresponding
to an operation;
reading the batched operation parameters into a dynamic random access memory; and
transmitting each operation through a DES engine according to the operations
parameter.
12. The method of claim 10, wherein the DES is external-to-external and an output for
each operation is transmitted separately.

13. The method of claim 10, wherein the short operation is less than about 80 bytes.

14. The method of claim 10, wherein the short operation is between 8 and 80 bytes.

15. A symmetric key cryptographic method for operations between about 8 and about 80
bytes in length comprising the steps of:
providing a key index to an engine; and
pumping the operations through the engine in bulk wherein a central processing unit
does not handle the bytes.

16. The method of claim 15 wherein the engine is a DES engine.

17. The method of claim 15 further comprising the steps of:
resetting an engine chip for an operation;
reading an initialization vector;
loading the initialization vector into the engine chip;
determining a key from the key index;
loading the key into the engine chip; and
reading a data length for the operation.

18. The method of claim 17 further comprising the steps of:
transmitting the data length through an Input channel into the engine chip; and
transmitting the data length through an Output channel.

19. The method of claim 18, wherein the channels are FIFOs.